How to set up a system-wide ssh-agent that would work on all terminals?

The question is basically this (How do I get ssh-agent to work in all terminals?) but for NixOS.

The only NixOS option I could find was security.pam.services.<name>.sshAgentAuth but this may not be it because it didn’t work (or I didn’t use it correctly; maybe a reboot is needed?).

I tried to use keychain as well (with these instructions) but no luck; any new terminal would just ignore it. (Again, this still could be me.)

Is there a straightforward post on how to do this? Thanks in advance!


update-1: Also found /nixos/modules/programs/ssh.nix in Nixpkgs that seems to start ssh-agent as a service, but not sure what I’m looking at to be honest.


update-2: Just realized that this is a NixOS module to configure SSH, and the options attribute set provides the options that can be queried at NixOS options. (Not sure why this wasn’t obvious.)

The relevant option in my case would probably be programs.ssh.startAgent:

Description
Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don’t have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.

Added it to /etc/nixos/configuration.nix, did nixos-rebuild switch, and it does not work but that’s probably because I haven’t logged in and out yet.

So what is security.pam.services.<name>.sshAgentAuth used for then?

I currently use systemd.user.sessionVariables.SSH_AUTH_SOCK = "/run/user/1000/keyring/ssh" with services.gnome.gnome-keyring.enable = true;. Otherwise, SSH_AUTH_SOCK wasn’t set in emacs.

I need to test if it works with sway on my laptop.

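A quick way to see what a given terminal, or a shell started from inside emacs, actually inherits is to test the socket that SSH_AUTH_SOCK points at. This is an added example, not code from the thread; the function name `agent_status` and its return codes are made up for illustration.

```shell
#!/bin/sh
# agent_status SOCKET_PATH
# Prints one word for the state of the agent socket and returns a matching code:
#   0 ok       socket exists, is owned by us, and an agent answers on it
#   1 unset    no path given (SSH_AUTH_SOCK is empty in this session)
#   2 missing  path is not a Unix socket (stale or wrong variable)
#   3 foreign  socket is owned by another user; do not hand keys to it
#   4 dead     socket exists but no agent is listening
agent_status() {
    sock=${1:-}
    if [ -z "$sock" ]; then echo unset; return 1; fi
    if [ ! -S "$sock" ]; then echo missing; return 2; fi
    if [ ! -O "$sock" ]; then echo foreign; return 3; fi
    # ssh-add -l exits 0 (keys listed), 1 (agent has no keys),
    # 2 (could not talk to the agent). Only 2 means the socket is dead.
    if command -v ssh-add >/dev/null 2>&1; then
        st=0
        SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || st=$?
        if [ "$st" -eq 2 ]; then echo dead; return 4; fi
    fi
    echo ok
    return 0
}

# Report on the current session; run this in each terminal to compare.
agent_status "${SSH_AUTH_SOCK:-}" || true
```

If one session prints `ok` and another prints `unset` or `missing`, the agent is running but the variable is not reaching that session's environment.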